Техническая информация
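- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe, <SYSTEM32>\svchost .exe'
  (штатное значение параметра Shell — «Explorer.exe»; второй путь, дописанный через запятую, в стандартной конфигурации отсутствует)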
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'svchost' = '<SYSTEM32>\svchost .exe'
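- <SYSTEM32>\svchost .exe
  (в имени файла перед «.exe» стоит пробел — так оно записано во всех строках этой страницы; легитимный системный файл называется svchost.exe, без пробела)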
- %WINDIR%\mslib.ocx.exe
- <SYSTEM32>\regsvr32.exe /s MSWINSCK.OCX.ocx
- %WINDIR%\mslib.ocx.exe
- %WINDIR%\mswinsck.ocx
- <SYSTEM32>\svchost .exe
- <SYSTEM32>\svchost .exe
- %TEMP%\~DFCB45.tmp
- %TEMP%\~DFD8A8.tmp
- 'ir#.icq.com':6667
- DNS ASK ir#.icq.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'ReBarWindow32' WindowName: ''
- ClassName: 'MSTaskSwWClass' WindowName: ''
- ClassName: 'ToolBarWindow32' WindowName: ''
- ClassName: 'TrayClockWClass' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Button' WindowName: ''
- ClassName: 'TrayNotifywnd' WindowName: ''